sysdream · Lutie · Feb 23, 2021 · Feb 23, 2021 · Feb 23, 2021 · Feb 24, 2021
diff --git a/src/humanizer.ts b/src/humanizer.ts
@@ -1,7 +1,7 @@
-import { BaseMetric, BaseMetricValue } from './models';
+import { BaseMetric, Metric, MetricValue } from './models';
 
-export const humanizeBaseMetric = (baseMetric: BaseMetric): string => {
-  switch (baseMetric) {
+export const humanizeBaseMetric = (metric: Metric): string => {
+  switch (metric) {
     case BaseMetric.ATTACK_VECTOR:
       return 'Attack Vector';
     case BaseMetric.ATTACK_COMPLEXITY:
@@ -25,8 +25,8 @@ export const humanizeBaseMetric = (baseMetric: BaseMetric): string => {
 
 // eslint-disable-next-line complexity
 export const humanizeBaseMetricValue = (
-  value: BaseMetricValue,
-  metric: BaseMetric
+  value: MetricValue,
+  metric: Metric
 ): string => {
   switch (value) {
     case 'A':

diff --git a/src/models.ts b/src/models.ts
@@ -9,6 +9,26 @@ export enum BaseMetric {
   AVAILABILITY = 'A'
 }
 
+export enum TemporalMetric {
+  EXPLOITABILITY = 'E',
+  REMEDIATION_LEVEL = 'RL',
+  REPORT_CONFIDENCE = 'RC'
+}
+
+export enum EnvironmentalMetric {
+  ATTACK_VECTOR = 'MAV',
+  ATTACK_COMPLEXITY = 'MAC',
+  PRIVILEGES_REQUIRED = 'MPR',
+  USER_INTERACTION = 'MUI',
+  SCOPE = 'MS',
+  CONFIDENTIALITY = 'MC',
+  INTEGRITY = 'MI',
+  AVAILABILITY = 'MA',
+  CONFIDENTIALITY_REQUIREMENT = 'CR',
+  INTEGRITY_REQUIREMENT = 'IR',
+  AVAILABILITY_REQUIREMENT = 'AR'
+}
+
 export const baseMetrics: ReadonlyArray<BaseMetric> = [
   BaseMetric.ATTACK_VECTOR,
   BaseMetric.ATTACK_COMPLEXITY,
@@ -20,9 +40,27 @@ export const baseMetrics: ReadonlyArray<BaseMetric> = [
   BaseMetric.AVAILABILITY
 ];
 
-export type BaseMetricValue = 'A' | 'C' | 'H' | 'L' | 'N' | 'P' | 'R' | 'U';
+export const temporalMetrics: Metrics<TemporalMetric> = [
+  TemporalMetric.EXPLOITABILITY,
+  TemporalMetric.REMEDIATION_LEVEL,
+  TemporalMetric.REPORT_CONFIDENCE
+];
+
+export const environmentalMetrics: Metrics<EnvironmentalMetric> = [
+  EnvironmentalMetric.ATTACK_VECTOR,
+  EnvironmentalMetric.ATTACK_COMPLEXITY,
+  EnvironmentalMetric.PRIVILEGES_REQUIRED,
+  EnvironmentalMetric.USER_INTERACTION,
+  EnvironmentalMetric.SCOPE,
+  EnvironmentalMetric.CONFIDENTIALITY,
+  EnvironmentalMetric.INTEGRITY,
+  EnvironmentalMetric.AVAILABILITY,
+  EnvironmentalMetric.AVAILABILITY_REQUIREMENT,
+  EnvironmentalMetric.CONFIDENTIALITY_REQUIREMENT,
+  EnvironmentalMetric.INTEGRITY_REQUIREMENT
+];
 
-export const baseMetricValues: Record<BaseMetric, BaseMetricValue[]> = {
+export const baseMetricValues: MetricValues<BaseMetric, BaseMetricValue> = {
   [BaseMetric.ATTACK_VECTOR]: ['N', 'A', 'L', 'P'],
   [BaseMetric.ATTACK_COMPLEXITY]: ['L', 'H'],
   [BaseMetric.PRIVILEGES_REQUIRED]: ['N', 'L', 'H'],
@@ -32,3 +70,77 @@ export const baseMetricValues: Record<BaseMetric, BaseMetricValue[]> = {
   [BaseMetric.INTEGRITY]: ['N', 'L', 'H'],
   [BaseMetric.AVAILABILITY]: ['N', 'L', 'H']
 };
+
+export const environmentalMetricValues: MetricValues<
+  EnvironmentalMetric,
+  EnvironmentalMetricValue
+> = {
+  [EnvironmentalMetric.ATTACK_VECTOR]: ['N', 'A', 'L', 'P', 'X'],
+  [EnvironmentalMetric.ATTACK_COMPLEXITY]: ['L', 'H', 'X'],
+  [EnvironmentalMetric.PRIVILEGES_REQUIRED]: ['N', 'L', 'H', 'X'],
+  [EnvironmentalMetric.USER_INTERACTION]: ['N', 'R', 'X'],
+  [EnvironmentalMetric.SCOPE]: ['U', 'C', 'X'],
+  [EnvironmentalMetric.CONFIDENTIALITY]: ['N', 'L', 'H', 'X'],
+  [EnvironmentalMetric.INTEGRITY]: ['N', 'L', 'H', 'X'],
+  [EnvironmentalMetric.AVAILABILITY]: ['N', 'L', 'H', 'X'],
+  [EnvironmentalMetric.CONFIDENTIALITY_REQUIREMENT]: ['M', 'L', 'H', 'X'],
+  [EnvironmentalMetric.INTEGRITY_REQUIREMENT]: ['M', 'L', 'H', 'X'],
+  [EnvironmentalMetric.AVAILABILITY_REQUIREMENT]: ['M', 'L', 'H', 'X']
+};
+
+export const temporalMetricValues: MetricValues<
+  TemporalMetric,
+  TemporalMetricValue
+> = {
+  [TemporalMetric.EXPLOITABILITY]: ['X', 'U', 'P', 'F', 'H'],
+  [TemporalMetric.REMEDIATION_LEVEL]: ['X', 'O', 'T', 'W', 'U'],
+  [TemporalMetric.REPORT_CONFIDENCE]: ['X', 'U', 'R', 'C']
+};
+
+export const metricsIndex: { [key: string]: BaseMetric } = {
+  MAV: BaseMetric.ATTACK_VECTOR,
+  MAC: BaseMetric.ATTACK_COMPLEXITY,
+  MPR: BaseMetric.PRIVILEGES_REQUIRED,
+  MUI: BaseMetric.USER_INTERACTION,
+  MS: BaseMetric.SCOPE,
+  MC: BaseMetric.CONFIDENTIALITY,
+  MI: BaseMetric.INTEGRITY,
+  MA: BaseMetric.AVAILABILITY
+};
+
+export type Metric = BaseMetric | TemporalMetric | EnvironmentalMetric;
+export type AnyMetric = BaseMetric & TemporalMetric & EnvironmentalMetric;
+export type BaseMetricValue = 'A' | 'C' | 'H' | 'L' | 'N' | 'P' | 'R' | 'U';
+export type TemporalMetricValue =
+  | 'X'
+  | 'F'
+  | 'H'
+  | 'O'
+  | 'T'
+  | 'W'
+  | 'U'
+  | 'P'
+  | 'C'
+  | 'R';
+export type EnvironmentalMetricValue = BaseMetricValue | 'M' | 'X';
+export type MetricValue =
+  | BaseMetricValue
+  | TemporalMetricValue
+  | EnvironmentalMetricValue
+  | any;
+export type MetricValues<
+  M extends Metric = Metric,
+  V extends MetricValue = MetricValue
+> = Record<M, V[]>;
+export type Metrics<M = Metric> = ReadonlyArray<M>;
+export type AllMetricValues =
+  | typeof baseMetricValues
+  | typeof temporalMetricValues
+  | typeof environmentalMetricValues;
+
+export type ScoreResult = {
+  score: number;
+  impact: number;
+  exploitability: number;
+  metricsMap: Map<Metric, MetricValue>;
+};
diff --git a/src/parser.ts b/src/parser.ts
@@ -1,4 +1,4 @@
-import { BaseMetric, BaseMetricValue } from './models';
+import { BaseMetric, BaseMetricValue, Metric, MetricValue } from './models';
 
 export interface KeyValue<K, V> {
   key: K;
@@ -30,9 +30,7 @@ export const parseMetrics = (vectorStr: string): KeyValue<string, string>[] =>
     return { key: parts[0], value: parts[1] };
   });
 
-export const parseMetricsAsMap = (
-  cvssStr: string
-): Map<BaseMetric, BaseMetricValue> =>
+export const parseMetricsAsMap = (cvssStr: string): Map<Metric, MetricValue> =>
   parseMetrics(parseVector(cvssStr) || '').reduce(
     (
       res: Map<BaseMetric, BaseMetricValue>,